Endpoint (Midnight) Ransomware
#Endpoint • 2026-04
Endpoint, also called Midnight, is a ransomware campaign reported against South Korean small and medium-sized businesses, with manufacturing victims specifically noted by South Korean authorities. The activity uses malicious email lures, supplier or IT service trust paths, remote-control malware, credential and internal data theft, and double extortion before file encryption. AhnLab separately describes the malware as a Babuk-derived family targeting Windows, ESXi, and NAS environments, using ChaCha20 encryption, shadow-copy deletion, and termination of backup or security services. AhnLab also notes that a ransom-note email from an earlier case was identified as one used by North Korea-linked actors after 2024, but the available reports do not attribute Endpoint itself to a specific DPRK actor.
Related Reports: 4 • Affected Countries: 1 • Months Since: 2